[solved] CORS Issue

#1
Hello!
I'm frustrated. I've got a CORS issue, and can't seem to resolve it.
The link is: stripped
It's throwing CORS error because it's trying to load a font at stripped I've got a rule in the .htaccess, but it doesn't seem to help. Can you tell me what I should add and where? Pulling my hair out on this one.
Thanks!
 
Last edited:

Tishu

Well-Known Member
#2
Hello,

I just check that page and i can see that the font ( https://soldiersbestfriend.org/wp-content/themes/Divi/core/admin/fonts/modules.ttf ) its loading fine with no problem.
 
Last edited by a moderator:

NiteWave

Administrator
#4
for rules in
https://www.litespeedtech.com/suppo...n-lsws-but-works-in-apache.16382/#post-102554
Code:
RewriteCond %{HTTP:Origin} ^http(s)?://(.+\.)?(domain1.com|domain2.com)$
RewriteRule \.(otf|ttf|eot|woff)$ - [E=THE_ORIGIN:%0]
Header set Access-Control-Allow-Origin %{THE_ORIGIN}e env=THE_ORIGIN
replace with actual domain
Code:
RewriteCond %{HTTP:Origin} ^http(s)?://(.+\.)?(soldiersbestfriend.org)$
RewriteRule \.(otf|ttf|eot|woff)$ - [E=THE_ORIGIN:%0]
Header set Access-Control-Allow-Origin %{THE_ORIGIN}e env=THE_ORIGIN
 
#5
I tried that at one point too. I see the header:
Code:
Access-Control-Allow-Origin => *
at http://www.webconfs.com/http-header-check.php, but Chrome doesn't seem to honor this at all.
I'm not sure what to do to make Chrome listen.
 
Last edited by a moderator:

NiteWave

Administrator
#6
but
Code:
~>curl -I https://soldiersbestfriend.org/wp-content/themes/Divi/core/admin/fonts/modules.ttf
HTTP/1.1 200 OK
Date: Tue, 05 Jun 2018 14:13:14 GMT
Content-Type: font/ttf
Content-Length: 92400
Connection: keep-alive
Set-Cookie: __cfduid=d2a5bd3821563221e212edf26a24c2ba51528207994; expires=Wed, 05-Jun-19 14:13:14 GMT; path=/; domain=.soldiersbestfriend.org; HttpOnly
Cache-Control: public, max-age=2592000
Expires: Thu, 05 Jul 2018 14:13:14 GMT
Last-Modified: Tue, 29 May 2018 23:05:44 GMT
Alt-Svc: quic=":443"; ma=2592000; v="35,37,38,39"
X-Turbo-Charged-By: LiteSpeed
CF-Cache-Status: HIT
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 42633d1e795d57dd-DFW
no "Access-Control-Allow-Origin:*" in it.
 
#7
That must be the problem then. How do I get the header there? I have an htaccess file in the wp-content/themes/Divi/core/admin/fonts/ folder.
 
#9
The same thing as the .htaccess in public_html. I copied the whole htaccess file and moved it to the wp-content/themes/Divi/core/admin/fonts/
 

NiteWave

Administrator
#14
looks like the issue already resolved:
Code:
~>curl -I https://soldiersbestfriend.org/wp-content/themes/Divi/core/admin/fonts/modules.ttf
HTTP/1.1 200 OK
Date: Wed, 06 Jun 2018 03:50:40 GMT
Content-Type: font/ttf
Content-Length: 92400
Connection: keep-alive
Set-Cookie: __cfduid=df39f0e6e44c8cf5a3e1cb4796ca82c691528257040; expires=Thu, 06-Jun-19 03:50:40 GMT; path=/; domain=.soldiersbestfriend.org; HttpOnly
Cache-Control: public, max-age=2592000
Expires: Fri, 06 Jul 2018 03:50:40 GMT
Last-Modified: Mon, 04 Jun 2018 13:32:31 GMT
Access-Control-Allow-Origin: *
Alt-Svc: quic=":443"; ma=2592000; v="35,37,38,39"
X-Turbo-Charged-By: LiteSpeed
CF-Cache-Status: HIT
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4267ea881edd5801-DFW
now header "Access-Control-Allow-Origin: *" is there.
 
#16
Hi I have the same issue
Access to font at 'https://cdn.zamzamplace.com/wp-content/themes/buddyboss-theme/assets/fonts/SFUIText-Regular.woff' from origin 'https://zamzamplace.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Screen Shot 2020-04-21 at 3.38.17 AM.png

all because I created cloudfront distribution using WP off load plugin

https://deliciousbrains.com/wp-offload-media/#addons

I tried it this code over there correctly as follow in Htaccess file first thing on the top.

RewriteCond %{HTTP:Origin} ^http(s)?://(.+\.)?(domain1.com|domain2.com)$
RewriteRule \.(otf|ttf|eot|woff)$ - [E=THE_ORIGIN:%0]
Header set Access-Control-Allow-Origin %{THE_ORIGIN}e env=THE_ORIGIN

and finally I tried this as well https://openlitespeed.org/kb/setting-up-cors-on-openlitespeed/
however nothing working for me. I am working on this for few days already. here is what I am using
1- aws EC2 server
2- open lite speed server
3- subdirectory multisite wordpress
4- buddyboss theme
I would appreciate the help
 
Top